You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#247, which mitigates CVE-2020-27197 (defence against passing a url to parse) breaks libtaxii on windows as urlparse will extract the drive letter as the scheme from absolute paths:
Python 3.8.9 (tags/v3.8.9:a743f81, Apr 6 2021, 14:02:34) [MSC v.1928 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> from libtaxii.validation import SchemaValidator
>>> SchemaValidator(SchemaValidator.TAXII_11_SCHEMA)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\dev\taxiidoom\lib\site-packages\libtaxii\validation.py", line 148, in __init__
schema_doc = parse(schema_file, allow_file=True)
File "C:\dev\taxiidoom\lib\site-packages\libtaxii\common.py", line 40, in parse
raise ValueError('external URLs are not allowed')
ValueError: external URLs are not allowed
>>> SchemaValidator.TAXII_11_SCHEMA
'C:\\dev\\taxiidoom\\lib\\site-packages\\libtaxii\\xsd\\TAXII_XMLMessageBinding_Schema_11.xsd'
>>> from urllib.parse import urlparse
>>> urlparse(SchemaValidator.TAXII_11_SCHEMA)
ParseResult(scheme='c', netloc='', path='\\dev\\taxiidoom\\lib\\site-packages\\libtaxii\\xsd\\TAXII_XMLMessageBinding_Schema_11.xsd', params='', query='', fragment='')
The text was updated successfully, but these errors were encountered:
#247, which mitigates CVE-2020-27197 (defence against passing a url to
parse) breaks libtaxii on windows asurlparsewill extract the drive letter as the scheme from absolute paths:The text was updated successfully, but these errors were encountered: